With the event log errors you've listed and the other symptoms I'm willing to bet your domain name is what’s call a "single label DNS name" rather than a fully qualified domain name. For example our fully qualified domain name is "einaudi.cornell.edu", however, I used "CISNET" for our internal network, I too had issues similar to yours initially. Microsoft wants you to use fully qualified domain names when contructing your network but doesn't really tell you why, they let you discover it the hard way. By the way if you try to install Exchange 2007/2010 in a domain with a single lable DNS name the installation will fail.

Anyway if you've done this the following will fix your problems:

To enable an Active Directory domain member to use DNS to locate domain controllers in domains that have single-label DNS names that are in other forests, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following subkey:

1. In the details pane, locate the AllowSingleLabelDnsDomainentry. If the AllowSingleLabelDnsDomainentry does not exist, follow these steps:
2. On the Editmenu, point to New, and then click DWORD Value.
3. Type AllowSingleLabelDnsDomainas the entry name, and then press ENTER.
4. Double-click the AllowSingleLabelDnsDomainentry.
5. In the Value databox, type 1, and then click OK.
6. Exit Registry Editor.

Hi Guys, thanks for your prompt responses.... please let me know what I can tell you to help you help me:

CharlieB - When I first reviewed the DNS tutorials & videos on Spiceworks I checked the ageing/scavenging settings and they were disabled. So I activated the ageging/scavenging option on ONLY my forward lookup zone but NOT my reverse lookup zone (I was hesitant at the time to make too many changes as I was very new to DNS). I kept the default setting (7 days) and this was exactly 7 days ago. Should I set the reverse lookup zone to the same? Is there anything to gain from setting a shorter period (less than 7 days)?

Martin9700 - What I am trying to do was sparked by my initial download of SpiceWorks (and subsequent scan) which suggested I fix DNS errors on my network. I knew nothing about DNS but I am now determined to try and correct it :) At the most basic, I notice that the DNS records on my server are very old and dont seem to replace as per all the guides suggest they should.

I may have misled you with the term zone transfers as I am definitely not trying to transfer dns records to any workstations. (sorry about that) I just want my workstations to update the servers DNS records which it appears isn't happening. I thought that by selecting 'reload' in the forward lookup zone I might see more recent records than were currently displayed. However now I am thinking this is a feature for supporting multiple DNS servers(?).

RE: the 'how-to' guide.... it speaks of resolving DNS outside of my network, I am only trying to resolve the names of each individual workstation within my network. Is it accurate to say these are two different functions of DNS? (this is how 'green' I am).

WaltB - I have a network with 7 workstations and a server (win sever 2003 for small bus server sp2). I have AD setup and DNS running on the server (apparently integrated with AD).

Nope, it's all the same function. The difference is the location of the zone itself. Let's say your internal FQDN is mycompany.local. You have that zone defined on your DNS server. Follow the how-to on name resolution and you'll see one of the first places your workstation will check is the DNS server it's configured for to see if that zone exists there. Since it does, it skips all of the other searching and just goes straight to the "A" or host record it needs (or whatever record it's looking for).

To get rid of stale records you need to turn n scavenging per CharlieB's post. You also want to make sure the DNS server is set to allow updates. Usually that's the default but you want to look at it. I don't have a DNS server in front of me right now so can't tell you the exact setting (hopefully someone will chime in)

With the event log errors you've listed and the other symptoms I'm willing to bet your domain name is what’s call a "single label DNS name" rather than a fully qualified domain name. For example our fully qualified domain name is "einaudi.cornell.edu", however, I used "CISNET" for our internal network, I too had issues similar to yours initially. Microsoft wants you to use fully qualified domain names when contructing your network but doesn't really tell you why, they let you discover it the hard way. By the way if you try to install Exchange 2007/2010 in a domain with a single lable DNS name the installation will fail.

Anyway if you've done this the following will fix your problems:

To enable an Active Directory domain member to use DNS to locate domain controllers in domains that have single-label DNS names that are in other forests, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following subkey:

1. In the details pane, locate the AllowSingleLabelDnsDomainentry. If the AllowSingleLabelDnsDomainentry does not exist, follow these steps:
2. On the Editmenu, point to New, and then click DWORD Value.
3. Type AllowSingleLabelDnsDomainas the entry name, and then press ENTER.
4. Double-click the AllowSingleLabelDnsDomainentry.
5. In the Value databox, type 1, and then click OK.
6. Exit Registry Editor.

I have activated ageing/scavenging on both the fwd & rvs lookup zones (is 7 days OK, or should I shorten this?).

I have attached a screenshot of my fwd lookup zone, you will note that the machines registered (room1, reception1, room2 etc) have all got IP addresses, but these IP addresses haven't been used for years. The current range is 10.0.0.30-36 which is what I would ideally like to see here. This will also allow me to nslookup from any machine on the network and resolve 10.0.0.30/reception1 etc (yes?)

WaltB - am I to make your suggested registry setting changes to the server, or my client workstations? (sorry I made that ageing change before your post)...

The link has instructions for two methods, one where the changes happen on the client PCs, the other where a single change happens on the domain controller. The instructions I posted are for the domain controller version (and what I did on my networks).

As always when making registry changes make sure you have a decent backup of the server prior.